New Network Hosts
In this sample example, we monitor and report newfound network hosts.
The NewHosts script might send an alert message like the following:
PIKT ALERT
Wed Oct 10 22:34:10 2007
vienna
INFO:
NewHosts
Report new hosts
padua.acme.com
The script follows.
#if piktmaster | piktmistress
NewHosts
init
status =piktstatus
level =piktlevel
task "Report new hosts"
input proc "=prgdir/rollcall.pl =subnets"
dat $host 1
rule
if ! #defined(%found[$host])
output mail $host
set #found[$host] = 1
else
set #found[$host] = %found[$host] + 1
fi
#endif
NewHosts invokes the rollcall.pl Perl script
#!/usr/bin/perl
$count = 1;
$timeout = 2;
while ($ARGV[0]) {
$s = $ARGV[0];
for ($a=0; $a<255; $a++) {
system("ping -c $count -W $timeout $s\.$a 2>&1 |
egrep transmitted | egrep -q \" 0% packet loss\" && echo \"$s.$a\" |
xargs nslookup -sil | egrep \"name =\" | awk -F= '{print \$NF}' |
sed 's/ //g' | sed 's/\.\$//'");
}
shift;
}
exit 0;
which uses the =subnets macro as its program argument:
subnets 10.1.0
10.1.1
10.1.2
10.2.0
10.2.1
10.2.253
10.2.254
[...]
For more examples, see Samples.
